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Abstract 

We describe a new class of list decodable codes based on Galois extensions of function 
fields and present a list decoding algorithm. These codes are obtained as a result of folding 
the set of rational places of a function field using certain elements (automorphisms) from 
the Galois group of the extension. This work is an extension of Folded Reed Solomon codes 
to the setting of Algebraic Geometric codes. We describe two constructions based on this 
framework depending on if the order of the automorphism used to fold the code is large or 
small compared to the block length. When the automorphism is of large order, the codes 
have polynomially bounded list size in the worst case. This construction gives codes of rate 
R over an alphabet of size independent of block length that can correct a fraction of 1 — R — e 
errors subject to the existence of asymptotically good towers of function fields with large 
automorphisms. The second construction addresses the case when the order of the element 
used to fold is small compared to the block length. In this case a heuristic analysis shows 
that for a random received word, the expected list size and the running time of the decoding 
algorithm are bounded by a polynomial in the block length. When applied to the Garcia- 
Stichtenoth tower, this yields codes of rate R over an alphabet of size (\)°^\ that can 
correct a fraction of 1 — R — e errors. 
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1 Introduction 



Error correction codes are combinatorial objects that are used in reliable transmission of infor- 
mation. In block error correction, a message which consists of k symbols over an alphabet S is 
mapped into N symbols over the alphabet. The image of this mapping that is contained in S N 
defines a code. An element in the code is called a codeword and the Hamming distance between 
two codewords is defined as the number of coordinates where they differ. A received word is an 
arbitrary element in S N that arises as a corrupted version of the image of a message. A decoder 
for the code tries to find the message transmitted from the corrupted received word. The integer 
N is called as the block length of the code and R = jt the rate of the code. 

A list decoder outputs the list of all codewords which have sufficient agreement with the re- 
ceived word. A list decodable code is said to correct e errors if the number of codewords which 
are at a Hamming distance of at most e from any received word is bounded by a polynomial 
in the block length of the code. There is a tradeoff between the rate and the fraction of er- 
rors (S = 4?) corrected for codes over an alphabet of size q given by R < 1 — H q {8). Here 
H q (x) = x\og q (^-) + (I — x) \og q {j^)) is the g-ary entropy function. Zyablov and Pinsker 
[19], proved the existence of list decodable codes whose parameters satisfy the above tradeoff 
with equality. In particular Vi?,0 < R < 1, Wq > 2 there exists list decodable codes of rate 
R over an alphabet of size q that can correct a fraction of S = _ff (J _1 (l — R) errors. When the 

alphabet size q is at least 2^ , the fraction of errors corrected turns out to be at least 1 — R — e. 
Observe that R + 5 < 1 is a fundamental bound. The list decodable codes of Zyablov and 
Pinsker approach this fundamental bound as the alphabet size gets larger. However the con- 
struction uses random coding arguments and the codes are not explicit. Guruswami and Rudra 
[TU] described the first explicit family of codes called Folded Reed Solomon codes that achieve the 
R + S < 1 — e trade off. We present an abstraction of their folding scheme to the setting of Galois 
extensions of function fields to give a new class of codes called Folded Algebraic Geometric codes. 

Reed Solomon codes with unique decoding can correct a fraction of 1— % errors. The Guruswami- 
Sudan List Decoding algorithm for Reed Solomon codes improved the bound to 5 = 1 — \/~R [IT] . 
In [T3] , Parvaresh and Vardy introduced a new class of codes (Parvaresh-Vardy Codes) that could 
correct a fraction of 1 — mR m + 1 errors, for an integer m > 2. For certain rates, these can correct 
more errors than Reed Solomon codes running the Guruswami-Sudan list decoding algorithm. 
Building on [14], Guruswami and Rudra [10] constructed Folded Reed-Solomon codes of rate R 
that could correct 1 — R — e fraction of errors. Let N be the block length. The Folded Reed 
Solomon codes have an alphabet size requirement of (^)°^~*? , which is a large polynomial in the 
block length. Contained in 10] is a scheme to reduce the alphabet size based on concatenating 
Folded Reed Solomon codes with appropriate inner codes. Guruswami and Pathak [9] provide a 
generalization of the Parvaresh-Vardy code to the Algebraic-Geometric setting thereby reducing 
the alphabet size. By generalizing Folded Reed Solomon codes to Folded Algebraic Geometric 
codes we present a purely algebraic means of achieving the rate error correction tradeoff with 
alphabet size independent of the block length. Independent of this work, Guruswami [8] general- 
ized Folded Reed-Solomon codes to codes from cyclotomic function fields that have an alphabet 
size that grows logarithmically in the block length. 

Certain elements (automorphisms) from the Galois group of function field extensions are used to 
induce an ordering on the places of the function field used for defining the code. This ordering is 
used to fold the code and is exploited at the receiver to perform better error correction. Based 
on this general framework, we present two different construction depending on if the order of 
the automorphism used has order large or small compared to the block length. We present a 
list decoding algorithm for each case. The decoding algorithms are based on the interpolate and 
root find strategy common to [11] [14] [10] [9] . The root finding step turns out to be much more 
complicated. 
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When the automorphism has an order comparable to the block length of the code, the list size is 
bounded by a polynomial in the block length. When applied to asymptotically optimal function 
fields towers that contain a large automorphism, the resulting codes of rate R over an alphabet in- 
dependent of the block length can correct a fraction of 1 — R— e errors. However it is not known if 
such field extensions exists and we pose an open problem (See §[6|) regarding such field extensions. 

When the order of the automorphism used is small compared to the block length, the list de- 
coding is much more complicated. We translate the root finding problem over the function field 
into a root finding problem over the local completion at a place where the automorphism acts 
as the Frobenius. The interpolated multivariate polynomial is mapped to one of a finite collec- 
tion of polynomials in the local completion. We present an algorithm to solve the root finding 
problem over the local completion and a lifting of the solutions to the function field. The root 
finding algorithm in the local completion only depends on this finite collection of polynomials. 
If we pick a polynomial from this collection at random, the expected number of roots turns out 
to be polynomial in the degree of the interpolated polynomial and the size of the residue class 
field at that place. Under the heuristic that a random received word gets mapped to a random 
polynomial in this collection, the expected list size turns out to be bounded by a polynomial 
in the block length. (See § 14.21 for a discussion on why this heuristic assumption is reasonable.) 
When applied to the Garcia-Stichtenoth towers, we get codes over an alphabet of size (^■)° ( ' 7 ' 1 
that can correct a fraction of 1 — R — e errors. With our heuristic assumptions, the expected list 
size is bounded by N°(~\ 

2 Folding Algebraic Geometric codes using elements from 
Galois Groups 

In this section, we develop the ideas behind the code constructions and present a formal descrip- 
tion of Folded Algebraic Geometric codes. 

We begin by defining Reed-Solomon codes and then introduce Algebraic Geometric codes as 
generalizations of Reed-Solomon codes. Let F 9 be the finite field with q elements. Fix a size 
N subset of the elements of the finite field ¥ q . Messages are associated with polynomials 
{/ € F g [x], deg(f) < k} with k < N. Here deg(f) is the degree of the polynomial /. The 
image of {/ <G ¥ q [x],deg(f) < k} under evaluation at this subset is the Reed-Solomon code. 
Observe that the alphabet size q is at least as big as the block length for Reed-Solomon codes. 
Generalization to Algebraic Geometric codes yields codes of arbitrarily large block length over 
a fixed alphabet. Places in the function field take up the role of places of evaluation and the 
Riemann-Roch space takes up the role of the message space. We begin by stating some basic 
concepts in function fields. The reader is referred to [16] for a detailed description. 

Let K denote a function field that is a finite separable extension of the rational function field 
¥ q {x), where x is an indeterminate. Let L/K be a finite Galois extension of K. It is assumed 
that both L and K have ¥ q as the field of constants. A ring O C L is called a valuation ring of 
the function field L if ¥ q C O C L and for all / 6 L, either / £ O or / _1 € O. A valuation ring 
is a local ring and contains a unique maximal ideal. A place v of the function field L is defined as 
the maximal ideal of a valuation ring of L. If v is a place, then the corresponding valuation ring is 
determined as O v := {/ £ L : / _1 ^ v}. The quotient field F^ :— O v /v is called the residue class 
field at v. The degree of the place v, denoted by deg(v) is defined as the degree of the extension 
¥ v over ¥ q , and v is called a rational place if the degree of v is one. The natural reduction map 
O v — > O v /v is called as evaluation at v. Throughout, f(v) denotes the evaluation of / £ O v at v. 

Let V v (f) denote the valuation of / at v defined as follows. Let t £ O v generate the ideal 
u =< t >. Any / £ L can be written as / = t b f',b £ Z, where /' is a unit in O v . The 
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integer b is independent of the choice of t and is defined as V„(f)[TB][Ll.ll]. Let S denote the 
set of places in L. The group of divisors is the additive free abelian group V generated by the 
places of L. The elements of V are called as divisors. In particular, a divisor D is of the form 
D = X^es n vV, where n v G Z and n v = for all but a finite set. The degree of the divisor is 
deg(D) — X^es n v deg(v). A divisor of a function / G L is defined as div(f) :— ^2 v( z S V v (f)v. 
Let 

£(£>) = {feL: div(f) + D > 0} |J {0} 

denote the Riemann-Roch space associated with the divisor D. The dimension of the Riemann- 
Roch space is lower bounded as dim(C(D)) > deg(D) — g+1. Here g is the genus of the function 
field. Further, if deg(D) >2g-l, then dim(C{H)) = deg(D) -g + 1. 

Let S r denote the set of rational places of L. Let Sd C S r be a subset of the rational places 
disjoint from P^, where Poo G S is a point at infinity. Let D and H denote divisors defined as 
H = (a — l)Poo and D — J2 v eS D v ' -Here a is a positive integer. Without loss of generality, 
assume that the degree of P^ is 1. Algebraic Geometric codes were introduced by Goppa [5] and 
are defined as follows. The messages are associated with functions in C({a — l)Poo) and the code 
is the image of the evaluation of C((a — l)Poo) at the places of Sd (Refer to [5] and [16] for a 
detailed description) . 

The minimum distance d m i n of Algebraic Geometric Codes is lower bounded by d m i n > ^Sd — 
deg(H) and likewise the dimension of the code (call k) by k > deg(H) — g + 1. The block length 
#<Sd is upper bounded by the number of rational points in L. The number of rational points 
Nl of a function field L satisfies ^ < ^/q — l(Drinfeld-Vladut Bound). If q is a perfect square, 
then there exists function fields for which the number of rational points attains the upper bound 
[17j . An explicit construction of such function fields is presented in [4]. One can thus construct 
Algebraic- Geometric codes on these function fields of arbitrarily large block length over a con- 
stant alphabet q such that both the rate and the relative minimum distance ( ) are bounded 
away from zero. 

2.1 Folded Algebraic Geometric Codes 

In Folded Reed-Solomon codes that achieve list decoding capacity [TD], the ordering of places 
was exploited by the decoder to get far better error correction. However, it was not apparent as 
to whether these techniques generalized to the case of Algebraic Geometric codes. We present 
such a folding scheme for Algebraic Geometric codes defined over certain Galois extensions. 

Consider Reed-Solomon codes where all the elements of the multiplicative group of F g are used 
for evaluation. The multiplicative group of a finite field is cyclic. Let 7 G F* be a genera- 
tor. In Folded Reed-Solomon codes the places of evaluation are enumerated as 1, 7, j 2 , . . . , j 9 ^ 1 . 
The evaluation of a polynomial / at 7*, gives us some information about the evaluation of / 
at 7 ,+1 . This is exploited at the decoder [10] . We use the action of an element of the Galois 
group to induce an ordering of the places. First, we build some notation regarding Galois groups. 

Let Gal(L/K) denote the Galois group of the extension. The cardinality of Gal(L/K) is [L : K], 
where [L : K] denotes the degree of the extension. For a place v G S and a G Gal(L/K), 
let a(v) = {a(f) : f G v}. Then <j{v) is also a place in L [16][Lem III 5.2]. Thus Gal(L/K) 
acts on the places of L. This action can be naturally extended to divisors, so that the ac- 
tion of a G Gal(L/K) on a divisor D = J2 V £S avV ^ s defined by a{D) = X^es a. v cr(v). An 
element a G Gal(L / K) induces an isomorphism on the residue fields of v and <r(v), given by 
<j(f(v)) := a(f)(a(v)). Thus deg(v) = deg(a(v)). If a fixes the divisors D and H, that is 
<j(D) = D and <r(H) = H, then a defines an automorphism on the Algebraic Geometric code 
[IS][VIII.3]. 

Let v and v 1 denote two places in L such that <7 -1 (v) = v'. Let / G L be an arbitrary function. 
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*(/(«')) - °U)vW) 

= a{f)a{a~\v)) 
= "(/)(«) 



Thus from the evaluation of / at v' we can infer the evaluation of a(f) at v. We now order the 
places of evaluation of the code so that this can be exploited at the decoder. 

For a place v <G L , an automorphism a e Gal(L/K) and a positive integer m', define r™ (d) 
to be the ordered set {v, cr _1 (u), . . . , cr~ m +1 (v)}. The evaluation of a function / giat T™ (w) 
is defined as /(r™'(t>)) := {/(u), /(a" 1 ^)), . . . , /(o- m ' +1 (w))}. Observe that /(r™'(v)) e 

0"=O ^(7-<(«)- 

Let b = [L : K] denote the degree of extension and cr € Gal(L/K) be of order to in Gal(L/K). 
Let m be a place in K that splits completely in the extension L/K. Then for every place v above 
u, <j' 1 (v) are all distinct for i = 0, to — 1. Thus r™(u) consists of distinct places. Hence the 
set of places lying above u in L is partitioned into ^ cycles under the action of a (and cr -1 as 
well) with each cycle of length to. Such an element in the Galois group of order to will be used 
to get a Folded Algebraic Geometric code with the folding parameter to. The set of places used 
to define the code is restricted to the set of rational places that resulted out of complete splitting 
in the extension. 

2.2 Code Definition, Encoding and Parameters 

We now formally describe the encoding process. Let S sp denote the set of rational places in L 
that resulted out of complete splitting and with support disjoint from points at infinity. Denote 
the cardinality of S sp by n. Observe that as v resulted out of splitting, T™{v) represents a cycle 
of distinct places under the action of cr -1 . Then S sp is partitioned into N := cycles under the 
action of cr -1 . In particular S sp = {T™(vi), r™(«2), ■ ■ ■ , F™(vn)}- Here S rep := {v\, v 2 , • • • , «at} 
is a fixed set of representatives of the orbits (cycles) of places in S sp under the action of er -1 . 

In the Folded AG code, N = — will be the block length of the code. Let H = (a — l)Poo 
be a divisor in L , where is a rational point at infinity in L fixed by a. Let £((a — l)Poo) 
denote the Riemann-Roch space associated with the divisor G. Here £((a — l)Poo) constitutes 
the message space and any function / G £{{<% — l)-Poo) is encoded as follows. The codeword 
corresponding to message / € £((a — l)Poo) is the evaluation of / at S sp . The folded code is 
viewed as a code over an alphabet q rn . 

In particular, the codeword is {f(T™(vi)), f(T™(v 2 )), . • . , f(T™(v N ))}. The rate of the code 
depends on the dimension k :— dim(£((a — 1)P (X) )). The rate of the code R = = K 

2.3 A generalization with arbitrary folding 

We now describe a variant of the Folded Algebraic Geometric Codes suited to case where the au- 
tomorphism a used for folding has a large order. Let to' < to be a positive integer. Without loss 
of generality assume that to' divides to. Recall that to is the order of a in Gal{L/K). The cycle 
T™(v) can be further partitioned into ordered sets {T™' (v), T™' (a' 171 ' (v)),...,T™' { a m - m ' («))}. 
This way we can partition S sp into disjoint ordered set of places each of size to'. 

s sp = {r™' rf (a- m ' ( Vl )),..., rf (a"' ( Vl )), r™' (v 2 ), rf (a- m ' (v 2 )), . . . , r™' (a"' (v 2 )) 
, . . .,r?'(vx.),r?' (*- m ' (v*.)), . . . ,r™'(a™>£))}. 

By evaluating / e £((a — 1)Pxj) a t S sp partitioned in this way gives us Folded codes over 
an alphabet of size q m of block length N' := and rate K Observe that the first construction 
is a special case of the second construction with to = to'. 
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3 List Decoding Folded Algebraic Geometric Codes 



We describe a list decoding algorithm for the Folded Algebraic Geometric codes in this section. 
The decoding algorithm proceeds by first interpolating a multivariate polynomial based on the 
received word. The basic outline of the algorithm is similar to the second decoding algorithm 
presented in [9], though the steps in the algorithm are considerably more complicated. 



3.1 Building the Multivariate Interpolation Polynomial 

We describe the interpolation algorithm for the code construction where ml = m and later 
describe the generalization. The multivariate interpolation step is essentially identical to [3]. 
Let {Yj,Vj G S rep } denote the received word. Here Yj G (K=o ^-^u)- Let {y vi v G S sp ) 
where y v G ¥ q denote the corresponding unfolded received word. Find a non zero multivariate 
polynomial Q € L[z\, z 2 , ■ ■ . , z m ] such that 

• V/i, f 2 , ■ ■ ■ , fm G £(( a - l) p oo), we require Q(fi, h,---, fm) G £(ZPoo) 

• Vv e S sp ,Vf 1 ,f 2 , • • • ,/m G £((a-l)Poo) such that fi{v) = y v ,f2(v) = y a -^(v), f m (v) = 
ya-™+i(v), we require V v (Q(fi, h, ■ ■ ■ , fm)) > r 

where I and r are integer parameters determined later. Here, r is the multiplicity parameter and 
V v denotes the valuation at v. 

The symbol corresponding to a place v is said to be in agreement if the received symbol at 
v , (Vv , ya- % (v)^ ■ ■ ■ 1 Ua- m + 1 {v))i is the actual transmitted symbol. The agreement parameter T 
is defined as the number of locations (places in S rep ) at which there is an agreement. By con- 
struction we see that if the symbol corresponding to v is in agreement, then so are the symbols 
corresponding to a~ a (v) 1 < a < m— 1. Thus for every symbol corresponding to a place v G 5 rep 
that is in agreement, we get m symbols corresponding to places a a (y) £ S sp , < a < m — 1 that 
are in agreement. Define t = Tm. 

Lemma 3.1. Let rt > I. If / G C((a — l)Poo) satisfies f(v) — y v , f{a^ 1 (v)) = y a -i( v ), 
f{a- m+1 (v)) = y a - m+ i (v) for at least T of the places v G S rep , then Q(f, a(f), a m - 1 (f)) = 0. 

Proof : Let St Q S rep denote the set of places in S rep such that f(v) = y v , f(a^ 1 (v)) = 
Va-^{v), ■ ■ ■ ,f(v~ m+1 {v)) = y*-™+i-(y) iVu G St- Observe that if f(a~' t+1 (v)) = y a -i+^ v ), for i = 
1, m for some v G S r e P , then f (v) = y v , (cr(f))(v) = y a -i( v ), . . . , (cr m_:L (/))(w) = y^-m+i( v y 
The cardinality of S T > T, so T, veSap Vv(Q(f, <r(f), a^if))) > rmT = rt > I. 
But Q(/,cr(/), . . . ,o- m_1 (/)) G CQPoo). This is because a fixes P x and thus ct j (/) G C((a - 
1)P«,)V/ G C((a - qP^) and j G Z. Thus Q(/, ( r(/), . . . , a m ~\f) = 0). □ 

In other words, any function (message) / G C{{a — l)P QO ) whose evaluation (codeword) has 
an agreement of at least T with the received word satisfies Q(f, cr(f), . . . , c m_1 (/)) = 0. 

The reader is referred to the original paper [9] for details regarding the construction of Q and 
a discussion relating to representation needed to efficiently compute Q. The construction pre- 
sented there runs in time polynomial in the block length. A multivariate polynomial Q with the 
desired properties exists and can be constructed in polynomial time for the agreement parameter 



a+g+m m+ ty ' N(a-l) r 



We 



T > m+ *t/ N(a — l) m [9\. The multiplicity parameter satisfies r :— , , - — 

then set I := rt — 1. Moreover the degree d of the multivariate polynomial Q is upper bounded 
by d < ^3^- which at worst grows linearly in the block length. 

For the general case of m' ^ m we make some modifications to the interpolation algorithm. 
Let s' < ml be an integer and for each v G S rep which is in agreement, at least m' — s 1 + 1, 
s'-tuples satisfy f(v') = y' v , /(o" -1 ^')) = y a -i( v >), . . . , f(<J~ m ' +1 {v')) = y a - m+ i {v ,y These are 
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v' G {v, cr—l(v), . . . , <r~ s+1 (v)}. From an analysis analogous to [TU] with the interpolation algo- 
rithm from [3], it is clear that an interpolation step can performed to obtain an s' variate poly- 
nomial Q that satisfies cr(/), . . . ,a s = over L for all codewords / G C(a — l)Poo 

that have an agreement of ( — , m , . . s ' +1 ) with the received word . Thus we can correct 

N' - ^( m /"' +1 (f ) 7 ^ 7 ) =N'- N'( m ,™, +1 (R + ^)^) errors. The degree of the polyno- 
mial Q is again bounded by ^E^-- 



3.2 Frobenius Elements and Ramification Groups 

Here we describe certain concepts in Galois extensions on which the decoding algorithms depend. 
Let v be an arbitrary place in L that is above a place u in if. The decomposition group of v is 
defined as V v := {a G Gal(L/K) : a(v) — v}. Thus the decomposition group of a place is the 
set of all elements in the Galois group that fix that place. For a G T> v , the action of a on the 
residue class field F„ is well defined. That is a(f(v)) = a(f)a(v) = a(f)(v). Thus, there is a 
natural homomorphism <f> : T> v — > Gal(¥ v /¥ u ). The homomorphism is surjective. The kernel 
of this homomorphism X v is called as the inertia group of v. The following definition for the 
inertia group is equivalent X v = {a G Gal(L/K) : a(f)(v) — f(v), V/ £ Ol}, where Ol denotes 
the ring of integers of L. When the place v is totally ramified, the inertia group I v is the whole 
Galois group Gal(L / K). When the place v is unramified, the inertia group is trivial. The residue 
class field extension ¥ v /¥ u is cyclic and is hence generated by a single element. Moreover if v 
is unramified then X v is trivial and hence there is a unique clement a v € Gal(L/K), called the 
Frobenius element at v, such that a v (f) = /#(°"/ u ) mod v for all / <E Ol- 

Let i» be a place in L above a place u in K . The set of decomposition groups of places above 
u are conjugates [TS] [Proposition 9.7]. Thus Gal(L/K)/T> w is the set of decomposition groups 
of places above u. Each of these decomposition groups are generated by the respective Frobe- 
nius elements of places above u. Denote by H„ := {<j w , id is a place above u}. This set of all 
Frobenius elements of places in L lying above u is called as the Artin conjugacy class of u. Let 
C Gal(L/K) be the conjugacy class of an arbitrary element in Gal(L / K). 

Tchebotarev Density Theorem ( [S] , [TS] [Thm 9.13B]) states that, 



4^\\J n deg(u) 

#{u ■ i\ : ,::„ >i'| 



#Gal(L/K) deg{u) 



5 ^sdSw' 4 * 1 + £ 

uS-L, e(ti)>l 



Here g(K) denotes the genus of K and e(u) denotes the ramification index of u. From the 
Riemann-Hurwitz genus formula |16j . it is evident that X^ugl e(u)>i deg{u) grows at worst lin- 
early in g and [L : K\. 



3.3 The Root Finding Problem 

From the previous section, for the case of m' = m it is evident that, messages that have an 
agreement of at least T with the received word are a subset of / S £((a — l)Poo) that satisfy 
Q{f, <?(f), c 2 (/), ■ ■ ■ ,cr m_1 (/)) = 0. Thus we can find all the messages in the list if we could 
enumerate all / € £((a - l)Poo) that satisfy Q{f,cr(f),c7 2 (f), . . . ,cr m - 1 (/)) = 0. We have to 
solve the following root finding problem. 

Given a polynomial Q S L(z\, z 2 , . . . , z m ) such that for every hi, h 2l ■ ■ ■ , h m G C((a — l)P oc ), 
Q{hi,h2, . . . ,h m ) G C(lPoo) and an automorphism a G Gal(L/K), enumerate f G C((a — l)Poc) 
that satisfy Q(f lC r(f), a 2 (f),... 1 a m -i(f))=0. 

In the case where m! ^ m, the problem is to enumerate / G C((a — l)Poo) that satisfy 
Q(f, <t(/), cr 2 (/), . . . , cr s = 0. We describe an algorithm that finds all such /. We handle 
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the cases of the two code constructions separately. First we develop some notation common to 
both. 

Let w (unramified) be a place in L lying above u in K such that a is the Frobenius element 
at w. Further assume that the degree of u is 7/ = Clog 9 (n), where C is a positive constant. As 
<7 has order m in Gal(L/K), the degree of w is 77177. We recall that the action of a at w is given 
by cr(/) = /#(°«/«) mod w. That is a(f) = f v mod iu. 

We now establish the existence of a place w of degree mr] such that cr is the Frobenius ele- 
ment at w. The existence follows from the Tchebotarev Density Theorem for function fields 
which gives the following lower bound on the number of w of degree 777.77 such that a is the Frobe- 
nius at w, #{w G L : a w = a,deg(w) — mr]} > ± O(gq^). Thus for large enough 77, such a 
place w always exists. In fact, — fraction of all unramified places of degree 77 in K have a place 
w above it such that a is the Frobenius element at w. We are only interested in function fields 
where n > g. In this case, the choice of 77 = Clog 9 (n) with C a large enough absolute constant, 
guarantees the existence of such a w. Moreover, such a place can be found in time polynomial 
in n as follows. Exhaustively search through each place of degree 77 in K, if there exists a place 
above it where a acts as the Frobenius. 

4 Root Finding Step of the Decoding Algorithm 

4.1 The easy case : m! 7^ m and m large 

The root finding problem is solved for the case where the automorphism used to fold has an 
order m, that is a constant fraction of , ^Y..., . Further we assume that m' < m is small and 
independent of the blocklength. 

Let w G L be place of degree mr], where 77 is the smallest integer such that 77777 ^ a - 

Lemma 4.1. The evaluation map C((a — l)Poo) f w is an injection 

Proof: The kernel of the map is the Riemann-Roch space C((a — \)Poo — w). The degree of 
the divisor associated with the kernel deg{a — 1 — deg(w)) = a — 1 — deg{w) < 0. The dimension 
of the Riemann-Roch space associated with any divisor of negative degree is zero. Hence the 
kernel is zero dimensional and hence the map is injective.D 

In addition, assume that a is the Frobenius element at w. Let Q be the s' variate polynomial 
that resulted from the interpolation step. 

Lemma 4.2. The number of f G L that satisfy Q(f, cr(/), . . . , a s — is upper bounded 

by a polynomial in the block length N' . 

Proof: Clearly, Q(f,a(f),...,a s '(f)){w) = Q(fJ q '\-.-J q(s as a acts at w as 

a(f) = f ql1 (mod w), V/ € O w . We define Q w :— Y^t=o Qi( w ) z i i0 ' z 2^ ■ ■ ■ ^m"* -1 as the reduction 
of Q at w. If / € O w satisfies Q(f, a(f), .. . , ^'^(f)) = 0, then Q(f, /«',..., f^'^^w) = 0. 
Thus f(w) is a root of Q w {z, z qV , . . . , z qi " 1>TI ) over F„. The degree of Q{z, z qV , . . . , z q{ " 1)ri ) is 

bounded by d.q( s Thus the number of roots of Q w {z, z q " , . . . , z qi " 1>,! ) in F w is bounded 

by d.q( s As Ciia — l)Poo) F w is an injection, the roots f(w) € F^ lift to a unique 
/ e £((a - l)Poc).d3 

Thus gives an upper bound on / G l)^^) that satisfy cr(/), . . . , a s = 

1 Note that for the proof of Lemma 14. 2l to be complete, we need to ensure that Q w (z, z qrl , . . . ,z qi ~ v ) does 
not go to zero. Such situations are overcome through a procedure analogous to [5][Lem 6.7] by using the fact that 
> d 
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0. Observe that d.q( s 1 ^ r) is polynomial in the block length N' — This is because, m is a 
constant fraction of j^nv 7 ) an d a — n - Hence the inequality mr\ > a holds for an 77 = C\og q (n) 
and a large enough constant C. 

4.2 Lifting algorithm to solve the Root Finding Problem: 

We describe an algorithm to solve the root finding problem when the order of the automorphism 
cr is small. In this case however the algorithm is much more complicated. We only describe the 
algorithm for the special case of m' = m. The generalization to m' 7^ m is straight forward. 

We begin by developing some notation about local completions. Let L w denote the local com- 
pletion of L at w. Let t be a local parameter at w. That is t G L such that tO w — wO w . Every 
/ G O w has an expansion at w of the form / = -fd € L w . Here f c € O w /wO w = ¥ w . 

Thus O w can be thought of as the ring of infinite power series in t, ¥ w [[t]]. Let Cf=(f) be an 
alternate notation for the coefficient f c . 

The interpolated polynomial Q{z\, Z2, ■ ■ ■ , z m ) has degree d and hence can be written as 
~^2p apZi • ■ ■ zf, m , where [3j < d, < j < m — 1 and a/3 G L. Here /3 is used to index the 
monomials of Q. Let B denote the set of all f3. We define Q w :— J^p a/3(w)z^ 1 z!^ 2 . . . z@™ as the 
reduction of Q at w. 

Elements of V w fix t up to a unit. Thus for all r G D w , -r(t) = Qt where £ is a unit in O w . 
Clearly being the Frobenius element at w, cr is contained in T> w , so for all positive i and j, 
cr l {f^) = Cijt-i where Cij is a unit of O w . For simplicity of presentation in the discussion below, 
we will assume that a(t) = t. Since a acts on 7 G ¥ w as a : 7 — > ~f q and fixes t, a acts on 
0«, =¥ w [[t]] as 

OO OO OC 

^(E/ct c ) = E^(/c* c ) = E/c'V 

c=0 c=0 c=0 

Lemma 4.3. The linear reduction map <p '■ — l)-Foo) ^ ^[[i]]/ < t e > that takes f G 

£((a - l)Poo) C Otu to X)c=o /c^ c «s injective for e > |"J2L] . 

Proof: Let ft G £((c* — l)Poo) be in the kernel of the map. Now h c t c G £((a — l)-Poc)- But 
t c has c zeros at w. Thus / c t c G £((a — l)Poo — iw). For i > ["^], deg((a — l)Poo — iw) < 0. 
Hence £((a — l)Poc — iw) is zero dimensional and h c — 0, c > [~— ]. As /i is in the kernel, 
h c = 0, < c < r-2Ll . Thus ft = 0. □ 

We now set e = \^-~\- Thus / G £{(ct — l)Poo) can be determined from its truncated ex- 
pansion <j>( f) — J2c =0 fct l - From the above lemma it is clear that to find the list of messages 
with sufficient agreement, it suffices to solve the following problem in the local completion. 

Find all <f>(f) G ¥ w [[t]]/ < t e > such that Q(f,a(f), . . ■ ,a m - 1 (f)) = in ¥ w [[t]} 

An algorithm is described in the next section to solve the above problem from which the be- 
low result follows. The algorithm depends only on the coefficients a/3.0, 1 , ■ • ■ , ap. e . Under the 
assumption that the received word and the interpolation algorithm induce a distribution where 
the coefficients a^o, a/3,1, ■ ■ ■ , ap,e are independent uniformly distributed random variables in F^, 
we have the below result. 

Theorem 4.4. If {ap !C ,0 < c < e,[3 G B} constitute a set of independent, uniformly random 
elements from ¥ w , then the expected list size is bounded by d.q( m ~^ v . 

A proof of the above theorem is given in the next section. 
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Heuristic Assumption: We assume that for a random received word, the interpolation algo- 
rithm maps the received word into {ap >C i < c < e, /3 G B} thereby inducing a distribution 
wherein a^ jC are independent, uniformly random elements from ¥ w . 

The heuristic assumption is a natural one because the coefficients of Q, ap € C({a — l)Poo) 
are determined as the solution of a linear system that depends on the received word. The linear 
system is usually close to full rank. This is followed by the reduction of ap, c modulo t e . 

With this assumption, for a random received word, the expected list size is bounded by dq( m ~ 1 )' , , 
which is a polynomial in the block length. 

5 Root finding in the Local Completion 

We describe an algorithm to determine <fi(f) E ¥ w [[t]]/ < t e > corresponding to / 6 C((a — 
l)-Poo) C F^[[t]] such that Q{f, cr(/), . . . , c m ~ 1 (/)) = in F^[[t]]. As a consequence we have an 
algorithm that solves the root finding problem for the case of m small compared to the block 
length. We prove (Theorem I4.4|) that the expected number of roots is bounded by a polynomial 
in the degree of Q and the size of the residue class field F„ when the coefficients of Q modulo t e 
is drawn at random. 

We begin by writing down the constraints that {f c }c=o corresponding to <j)(f) = X)c=o fd c 
must satisfy. 

Lemma 5.1. For all f £ ¥ w [[t}} such that Q(f,a(f), . . . ,(T m ~ l {f)) = in V w [[t]] and i > 0, 

z—l i— 1 i — 1 

Q(E ^ tC > E fct c , ft <m "V) = (mod f) 

c=0 c=0 c=0 

Proof: For all i > 0, we have 



c=0 c=0 c=0 

«E ^ tc < E ■ ■ ■ E ff m ~ 1>tc ) ( mod **) 



c=0 c=0 c=0 c=0 c=0 

i — 1 i — 1 i — 1 



c=0 c=0 c=0 



^ 2 (/), ■ • • , ^ m_1 (/)) = o => qE /^ c < ^E ^ c )' ■ • • - * m_1 E /ciC )) = ( mod *' 



c=0 c=0 c=0 



i— 1 i— 1 i— 1 

_„(m-l) , 



«E /ctC ' E ^ • • • E O = (mod *«)□ 



c=0 c=0 c=0 



Further / G C((a — l)Poo) is determined by / mod t e . Hence it suffices to determine {fc\ e c= o 

such that Q(TZl U c , Ec=o ffr, 

depend on the coefficients of Q modulo t e 



such that Q(X)c=o / C ^ C ' E* c =o ft^i ■ ■ ■ > Ec=o ft™ 1 * C ) = (mod t e ). These equations only 



We begin by determining the list of possible fo. We have Q(fo, fo , • • • , fo ) = (mod t). 
Thus f is a root of Q w (z, z q " , . . . , z"?"'" 1 1} ) in ¥ w . Hence a list of possible fo can be enumerated 
by finding the roots of Q w (z, z ql1 , . . . , z qV{m ) whose degree gives an upper bound of d.g I?( - m ~ 1 - ) 
on the number of possible fo- 
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i-l 



For every fixed /o, /i, . . . , fi-i such that 

i-l i-l 

Q(E /c* 6 , E /* V > ■ ■ • > E /f tm_1J * C ) = (mod f), 

c=0 c=0 c=0 

we have 

i i i 

Q(E /c<c ' E • ■ ■ . E /I' Cm_1) * c ) = w** ( m od f +1 ; 



where M< = C 4 , (Q(£* =0 /o* , EUo /f*", ■ • • . E*e=o ff^))- 

Again the set of valid fa is contained in the set of that satisfy \ii = 0. Observe that = 
is a polynomial equation in / , /i, . . . , fi- Given that /o, /i, ■ ■ ■ , /i-i are already determined, we 
can break /ii into a polynomial in /j and a polynomial that does not contain /j. The polynomial 
in /j turns out to be very special. It is an additive polynomial whose coefficients depend only 
on /o and apfi. We now proceed to illustrate this fact and show how this can be exploited to 
determine 

Consider the term 

oo oo oo oo 

E u c )C£ ffn . . . (E ft^n 

c=0 c=0 c=0 c=0 

Pi v &i z f3 m 



corresponding to the monomial a^z^z^ 



The coefficient of t l that arises from this monomial is 

rn 

JO 7i +«3,»/0 + H l3,t 

Here i?^ depends on {a^o, a/3,1, ■ ■ • , cs/3,i-i, /o, /1, • • ■ , /i-l} and := X^li Pjq {j ~ 1)71 ■ 
By taking the sum over all monomials, we get 

rn 

where ifi := J2fj H /3,i 

The term depending on /j can be rewritten as 

m m 

e-w e /o v? " l, vr i,, =E(E/o V9 )/r" 

Define F(,z) := Ej=i (E,a /3-#o /o^ ? Clearly F is a fixed polynomial independent 

of i and depends only on a^o and /o. 

Now ^ = => F(/i) + X)/3 a /3,i/o^ + #» = 0. As /o, /1, . . . , /i-i are fixed, we can solve for 
fi by finding the roots in ¥ w of the polynomial F(z) + ap^f^ + Hi = 0. 

Observe that the polynomial F{z) € F w [z] is an additive polynomial (or a q— polynomial) [6] [12] 
and it is F u — linear. The roots of F(z) in thus forms an F„— linear space. The polynomial 
F( z ) + Es a /3,i/o 13 + Hi = is the sum of the additive polynomial F(z) and the constant term 
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a P,ifo 13 +-^»- For each i, the constant term a>p,ifo 13 +Hi is fixed given that /q, /i, . . . , 
is fixed. We now state a useful lemma on the structure of the roots polynomial that are the sum 
of an additive polynomial and a constant. 

Let P{z) £ ¥ w [z] be an additive polynomial that is F„— linear. In particular P is of the form 
P(z) — Yl'jTo Pj zq3TI -i where pj <E ¥ w . Let U denote the ¥ u linear space of the roots of P in 
¥ w . Let 8 £ ¥ w be an arbitrary field element. 

Lemma 5.2. If 71, 72 S are two roots of the polynomial W(z) := P{z) — 8, then 72 G 71 + U 

Proof: The elements 71,72 € F are roots of W. Thus P("fi) = 8 and P(j2) — 8 P(7i) = 
P(72). But P is an additive polynomial. Thus P(7i)— ^(72) = =>■ P(7i— 72) = 72 G 71+?/. 

The converse holds as well. That is, if 71 is a root of W, then all the elements of 71 + U 
are roots of W. Thus the polynomial either has no roots in ¥ w or has exactly #i7 roots. 
Further, W has a root say 7 € F^ if and only if P(7) = S. 

Consider the space of F„— linear maps from F^, to ¥ w . Every such map arises out of the evalu- 
ation map of an addiditve polynomial j6]. Let P(Fu,) denote the image of F^, under the linear 
map associated with P. From the above argument, it is clear that the polynomial W has a root 
in ¥ w if and only if 5 e P(F W ). 

Define Si :— — i/3.i/o ~ Hi- The polynomial F(z) — Si has roots in ¥ w if and only if 

Si e /<-(:-;,•)• 

This prompts at an iterative procedure that can be used to exhaust the list of all coefficients 
{/c},0 < c < e that correspond to the messages / in question. We now present the algorithm. 
Consider a rooted tree with root r and nodes corresponding to elements from F^,. 

The Decoding Algorithm 

• Set of roots of Q w {z, z qV , . . . , z 9 ^ ) in ¥ w as the children of the root. 

• Compute U, the space of roots of F(z) in F^ and F(¥ w ). 

• For i = 1 to e, 

For every path (r, / 0) fi, . . . , do 

— If Si € F(¥ w ) with P(7) = Si, then set 7 -I- U as the children of fi-\. 

• Lift every fo + fit + ■ ■ ■ + f e t e corresponding to a path (r, /q, fx, . . . , f e ) to a function 
/ e C((a ~ 1^). 

• Output the list of all such functions that have sufficient agreement. 

The root finding in the first step can be performed efficiently in time polynomial in the degree of 
Q w (z : z qV , . . . , z qr,(m 1> ). The root finding in the second step can be done efficiently by solving a 
linear system as described in [I5 [Equation 3.16]. Hence the total running time of the algorithm 
is bounded by the number of nodes in the tree. 

5.1 List Size and Running Time of the Algorithm 

In this section we present a heuristic argument that shows that for a random received word, the 
running time of the algorithm as well as the list size grow polynomially in the block length with 
very high probability. 
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The list size is clearly upper bounded by the number of leaf nodes at the level e in the tree. 
The number of choices for fo is upper bounded by d.q^ m ~ 1 ^ 1 , which is the degree of the polyno- 
mial Q w {z, z ql \ . . . , z 9 " <m 1> ). For a fixed fo, we now analyse the number of leaf nodes at level e 
that are descendents of fo- 

Assume that fo and a^o are fixed. Let be a descendcnt of fo with fo, fi, f%, ■ ■ ■ , fi-i 

being the path from fo to f\. The node has children if and only if S £ F(¥ w ). The image 
F(F„,) is an F„ linear space of dimension m — dim(U), where dim(U) is the dimension of U . We 
reiterate that the linear spaces U and F(¥ w ) are fixed once fo is fixed. The probability that a 
random element in ¥ w is in F(¥ w ) is Prob{S l £ F(¥ w )} = = ^'"^T""' = q -vdim(U) _ 

The expected number of fi given {fo, fi, . . . , fi-i} is 

E(#/i|{/o, fu ■ ■ ■ , fi-i}) = #U.Prob{5 % £ F(¥ w )} = q d"n(U) q - dtm{ u) = l 

Lemma 5.3. If Si are uniformly random elements from ¥ w , the expected number of nodes at 
level i that are descendents of a fixed fo is bounded by 1 

Proof: We prove the above claim by induction. Again, fix fo- The expected number of f\ 
is thus 1. Assume that the expected number of fi-i that are descendents of fo is 1 (Induction 
Hypothesis). 

The expected number of fi is that are descendents of fo is 

E E(#/<K/o,A,...,/i-i}) 

{/0,/l... •,/*-!} 

#U.Prob{S t £ F(¥ w )} 

{h,fi,-Ji-i} 

= ^ 1 = #{io, fl, ■ ■ ■ , fi-l} 

{f0,fl,-,fi-l} 

But #{/o, fi, ■ ■ ■ , fi— i} is 1 by the induction hypothesis. Thus the expected number of fi that 
are descendents of fo is 1 

From the above argument it follows that under the assumption that Si are random elements 
in F^, the number of f e that are descendents of fo is bounded by 1. Hence the total number of 
f e is bounded by the number of fo- Thus the list size is upper bounded by the number of fo- 
Thus the list size is bounded by d.q^" 1-1 ^ 71 . 

From the algorithm description, it is clear that the algorithm depends only on apfl, a/3.i, ■ ■ ■ , i/3,e, 
the coefficients of Q modulo t e . Consider the set of coefficients {ap,c, < c < e, (3 £ B}. This can 
be regarded as an element in @ <c<e peB ^ ne interpolation algorithm followed by reduction 
modulo t e , maps the received word to an element in the finite set (B < c < e ^g^F^. 

We now present a lemma that relates the distribution of {ap jC , < c < e, [3 £ B} to the distribu- 
tion they induce on Si. 

Lemma 5.4. For a fixed fo and < i < e, if {apt, (3 £ B} are independent and uniformly 
random then Si is a uniformly random variable in ¥ w . 

2 We have to address the case where F(z) is identically zero. In this case any /j £ ¥ w satisfies F(fi) = 0. 
However F(¥ w ) = 0. The probability that 8i = is ^ F . Thus the expected number of fi given fo, /i, . . . , fi—i 

is ^.#F„ = 1 
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Proof: By definition, 6 j = — a (3,ifo P ~ Hi. Consider Hi to be an arbitrary element in ¥ w . 
For a fixed /o, <5i is a fixed linear combination of a^i,/3 € -B plus an arbitrary constant. Over 
a finite field a finite linear combination of independent uniformly distributed variables plus an 
arbitrary element induces the uniform distribution. Thus Si is a uniformly random element in 
¥ w for every < i < e.D 

Consider the case when {ag, c , < c < e, (3 G B} are independent, uniformly random elements 
from ¥ w . In this case the constraint that {ap^,(3 G B} are independent uniformly random is 
clearly satisfied. Thus we have the following theorem. 



Finally, Theorem 14.41 follows from lemma 15.31 , lemma 15.41 and the fact that the list size is 
bounded by the number of leaf nodes at level e in the tree.D 

6 Polynomial List Sizes and A Question on the Existence 
of Certain Field Extensions 

We apply the Folded Algebraic Geometric Code construction (the case of m! ^ to) to certain 
field extensions that have large order automorphisms and solve the root finding problem that 
arises at the decoder for this special case. 

Let L a be a finite Galois extension of ¥ q (x). Assume that we have a sequence of such func- 
tion fields L a , a 6 Z + with genus g(L a ) tending to infinity as a grows. The function field 
sequence L a is called as asymptotically good if the ratio of the number of rational places in L a to 
the genus g(L a ) is bounded away from zero as the genus g grows. This is an informal definition. 
For a formal definition see [TB][V.3.6]. In our context we pose a further restriction and say that 
L a is asymptotically good if the ratio of the number of rational places in L a that resulted out of 
splitting in the extension (call n) to the genus of L a is bounded away from zero. In addition we 
require that L a also have a large order automorphism r G Gal(L a /¥ q (x)). 



Question 6.1: Does there exist an asymptotically good sequence of function fields L a such that 
there exists an element r G Gal(L a /¥ q (x)) whose order to is a constant times fog^L^fx)]) ? 



If such an extension exists, the number of rational places in L a is upper bounded by q.[L a 

N' 
log„(A" 



F 9 (a;)] = q.#Gal(L a /¥ q (x)). Thus m is a constant fraction of lo ^jm ■ From section |4~TI we 



have the following result. 

The codes constructed from L a are of block length N' , rate R over an alphabet of size q m that 
can correct N' — N'( m , " l s , +1 (R + ^t) b ' +1 ) errors with a list size bounded by a polynomial in N' . 

In addition to being asymptotically good and possesing a large order automorphism, if the tower 
is asymptotically optimal, then the fraction of errors corrected approaches 1 — R — e for the choice 
of to' = 9(4r) and s' = 6(i). 

A discussion on the existence of asymptotically good towers of function fields with large auto- 
morphism follows. 

We begin by considering towers where the field at the top is Galois over the rational func- 
tional field. The Galois closure of the Garcia-Stichtcnoth is one such example. It is interesting 
to note that the Galois Closure of the Garcia-Stichtenoth towers are optimal as well [18] . Thus 
in that case the function field on the top of the tower (call L a ) is a Galois extension of ¥ q 2(x). 
Thus we can hope to use elements of Gal(L a /¥ q 2(x)) to fold the code. But the Galois group is 
non commutative and it is not clear if there exists an element of order comparable to the degree 
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of the extension. In fact, when q is prime, the Galois group is @° =0 Z/qZ. In this case no such 
large order automorphisms exist and all elements have order at most q. 

There certainly exists geometric extensions with large automorphisms. For instance, there ex- 
ists cyclic extensions (Galois Group is cyclic) over V q (x) of arbitrarily large degree, when the 
degree of the extension is a power of q. These are called as cyclotomic function fields [15] [chap 
12], [6] [chap 3] and are generated by adjoining to ¥ q (x), a torsion submodule of the division points 
of a Carlitz module. However, such extensions do not posses enough places of small degree as 
illustrated below. The prospect of using cyclotomic function fields in folded codes was inspired 
by a communication with Venkatesan Guruswami[7] for which we thank him. 

6.1 Cyclotomic Function Fields 

Cyclotomic function fields are certain geometric extensions of function fields where the Galois 
group of the extension is cyclic. A description of cyclotomic function fields follows. The notation 
and definitions are based on [T5] [chap 12] . 

Let k be a function field of characteristic p with as the field of constants. Let r denote 
the q— th power map. Let k < t > denote the ring of twisted polynomials over k with the com- 
mutation rule rh — h q r ,V/i <E k. This is the ring of additive endomorphisms of k (the algebraic 
closure of k) that fix ¥ q . 

We now consider a special case. Set A = ¥ q [T] and k = ¥ q (T). 

A Drinfeld module for A is an ¥ q algebra homomorphism p : A — » k < r > such that Va G A, 
the constant term of the image p a is a. Further, to ensure non-triviality, for at least one a £ A, 
the image p a ^ k. The homomorphism p gives k an A— modules structure by defining the mul- 
tiplication a.u = p a (u),Va G A,yu € k. Consider the module A p [a] := {A £ k\p a (X) = 0}. For 
every non zero a £ A, A p [a] = A/aA © A/aA © ... © A/aA (r times). Here r is the rank of the 
Drinfeld module. [15] [12.4] 

Let kp^ a := fc(A p [a]) denote the extension obtained by adjoining the elements of A p [a] to k. 
Such extensions are Galois extensions [15] . 

A rank-one Drinfeld module with pt = T + r is called as a Carlitz module. From now on, 
we confine our attention to Carlitz modules. In the case of Carlitz modules, Gal{k Pta /k) is 
abelian [15] [12.5]. This abelian extension fc PjQ /fc is called as a cyclotomic function field. In this 
case the degree of the extension is &(a), the number of non zero polynomials of degree less than 
the degree of a and relatively prime to a. Let deg(a) denote the degree of a as a polynomial in 
A. In fact Gal(k Pj a/k) is cyclic if a is irreducible. 

The following theorem describes the splitting behavior of places in the extension k Pi a/k. Let 
it be a place in k that is not a place at infinity. Let / be the smallest integer such that u* = 1 
mod a. 

Theorem 6.1. The place u factors into $(a)// places in k P:a . \15f [12.101. 

Lemma 6.2. Every place in k p<a has degree at least deg(a), except possibly for places at infinity. 

Proof: The degree of a place v £ k p ^ a lying above u 6 k is f.deg(u). But u* = 1 mod a => 
deg(u).f > deg(a) ==>• deg(v) > deg(a).D 

Thus every place in fc P:0 (apart from places at infinity) has degree at least deg(a). Hence any 
evaluation based code on the function field fc p a that uses places away from infinity for evaluation 
has an alphabet size of at least q deg ( a >. This is because the size of the residue class fields at these 
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places is at least q de 9( a K 

The degree of extension [k pM : k] is upper bounded by q de ^ a \ Thus the order of any element in 
Gal(k p , a /k) is upper bounded by q de 9( a ) , Consider the case where the cyclotomic function field 
kp. a is used in a folded construction. Suppose places of degree d(> deg(a)) are used for evalua- 
tion. The block length in this case is at most the number of places of degree d. The number of 
places of degree at most d in k is bounded by q d . At best all these places split, giving q d [k p . a , k] 
places of degree at most d in k pa . 

Thus q d [k p ^ a , k] < q d q de s( a ) is an upper bound on the block length. The alphabet size is at 
least q dm , where m' > 2 is the folding parameter. Thus the alphabet size of these codes is at 
least q 2d . However, the block length is bounded by q d q de 9( a ) < q 2d _ Thus the alphabet size is at 
least as big as the block length^. 

One major motivation for generalizing Folded Reed-Solomon codes to Folded Algebraic-Geometric 
codes is to find codes over an alphabet independent of the block length. But folded codes defined 
on cyclotomic function fields do not improve on Folded Reed Solomon codes in terms of alphabet 
size. Recently, Guruswami [8] overcame this obstacle by considering certain special subfields of 
the cyclomic fields thereby achieving an alphabet size that is logarithmic in the block length. 

7 Folded Codes from Garcia-Stichtenoth Towers 

Garcia and Stichtenoth described [2] function field towers that are asymptotically optimal. That 
is they attain the Drinfcld-Vladut bound. We apply the construction with in' ^ m to these towers 
of function fields. We state the below theorems quantifying the error correction performance of 
these codes. 

Theorem 7.1. The folded codes from Garcia-Stichtenoth towers of rate R, block length N over 
an alphabet of size q 2m can correct N(l — (R + ^rj) m+1 ) errors. 

The expected list size bounded by under the heuristic assumption 

Theorem 7.2. The Folded codes from Garcia-Stichtenoth towers of rate R can correct up to a 
fraction of 1 — R — e errors over an alphabet of size (^) 0( - 7 ' independent of the size of the block 
length. 

The expected list size is bounded by iV°W under the heuristic assumption. 

These are towers defined as a sequence of Artin-Schreier extensions. The base field is the fi- 
nite field F g 2, where q is a prime power. Fq is the rational function field Fq = F g 2(x). 

x i+ x i = i-i , - il< 1 < «• 
x i-l + 1 

The splitting behavior of places in the tower is critical to our code construction and is completely 
described in [T] . Let S sp denote the set of all places in F a , that resulted out of complete splitting 
in the extension F a /F a -i. Let P$ , 9 € Fq denote the unique place in Fq that is the zero of xq — 9 
. Let Q, := {P £ Fq : j3 q + f3 — denote the set of q trace zero elements in Fq. The places 
Pg,9 £ Fq \ fl completely split in the extension F a /Fo. So the number of places in S sp is at 

3 The sum of the degrees of places at infinity in k Pt a is at most q de 9\ a ) . The genus of fc Pj£l is larger than q de9 (a). 
Thus if only places at infinity are used as evaluation places, the message space of the code is trivial. 
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least q b (q 2 — q). The extension i^/i^-x is Galois , but unfortunately the extension F a /Fo is not 
a Galois extension. So we use automorphisms in the Galois Group of the extension F a /F a —i to 
fold the codes. The Galois Group Gal(FiJ '-Fj-i) is isomorphic to f2, the additive group of all 
trace zero elements in ¥ q 2 with trace taken down to F 9 . In particular, any non trivial element 
a e Gal(F a / 'F a -i) has order m that equals the characteristic p of the finite field W q . The genus g 
of the function field F a is (q% — l)(q~^~ — 1) if a is even and (q~^~ — l) 2 if a is odd. In either case 
the genus is approximately q a+l . The point at infinity in Fq is completely ramified in throughout 
the tower and there is a unique place at infinity Poo € F a of degree 1. As Poo is totally ramified, 
Poo is fixed by any element of Gal(F a /F a -i). 

The automorphism a is used to fold the places = S sp . By evaluating C((a — l)Poo) at P s , 
we get a folded algebraic geometric code with n = q b (q 2 — q) and a folding parameter of m. 
Observe that by increasing a we can make n arbitrarily large compared to m. 

Thus the block length of the resulting code is N — ±S±-Z3l_ xhe dimension of the code 
k = dim(C{{a — 1)P 00 )). If a — 1 > 2g — 2, then k = a — g. The code is over an alphabet 
of size q 2m and under our heuristic can be decoded if the agreement T is at least m+ y/ N(a — l) m 
with expected list size bounded by d.q 2 ^ 171 ^ 1 ^ 1 . Thus the number of errors that can be corrected 
is N - ™+i/N(a - 1)™ = JV(1 - = AT(1 - (# + ^)*) 

Observe that n/g tends to g — 1 as g grows. Here m equals p, the characteristic of the fi- 
nite field ¥ q 2 . Theorem 17.11 follows 

The expected list size bounded by N ot * m ^ under the heuristic assumption 

Observe that the Folded codes from Garcia-Stichtenoth towers of rate R can correct up to a 
fraction of 1 — R — e errors when m = p = O(-) and q = p b with b > 2. This is the optimum 
tradeoff in terms of rate and error correction [3]. Thus if q = p 2 ,we can achieve the optimum 
rate-error correction tradeoff over an alphabet of size (\)°^ s> independent of the size of the 
block length. Theorem l7.2l follows. 
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